---
title: Make your malware seem like an image
course: code_malware
section: "Getting started"
layout: lesson
---

Before we start by creating our malware, it's important to make it seem like
another file, it would be worth nothing if you create the world's most powerful
virus, but when you send it to a victim they see a file "virus.exe". In order to
trick our target with files like "dolphin.png" or something like that.

You'll need WinRAR installed (by the purposes of this course I'll be using wine
as I don't have Windows installed). To install WinRAR you simply have to
navigate to their website [https://www.rarlab.com/](https://www.rarlab.com/download.htm)
and choose "Windows (64-bit)".

Once WinRAR is installed, we'll need an ".exe" file (which would be our virus)
and another file - i'll be using an image -.

Now, you'll have to fire up a web browser and navigate to the [ICO
Converter](https://www.icoconverter.com/) website. Once you are there, a page
like the following will be shown:

![](/img/courses/code_malware/ico_converter1.png)

First, you'll need to choose the image you chose before by clicking the "Browse"
button. When you have already done that, now, in the "Sizes" section you'll
deselect all the selected options and click **ONLY** "64 pixels" and finally,
click "Convert". An ".icon" file will be downloaded to your computer.

When the ".ico" file is already downloaded, you'll fire up WinRAR, you will
choose both the image and the ".exe" file and click the button "Add". A window
like the following will appear:

![](/img/courses/code_malware/winrar1.png)

The first thing you'd need to change is the content of "Archive name" replacing
it for the name of your image, in my case it would be: "image.jpg", in the
"Archiving options" section, you'll select the "Create SFX archive" option.

After that, go to the "Advanced" tab and clic the "SFX Options" button, again,
another window will be opened.

Once there, go to the "Setup" tab and in the first textbox you'll write the name
of the files which are going to be executed after the disguised malware we are
creating is opened, in this case, the image we chose and then the executable
file as it is shown in the following image:

![](/img/courses/code_malware/sfxSetup.png)

In the "Modes" tab, click the "Unpack to temporary folder" and in the "Silent
Mode" section you'll select the "Hide all" option. Your configuration **MUST**
look like it is shown in this image:

![](/img/courses/code_malware/sfxModes.png)

Then, go to the "Text and Icon" tab and clic the "Browse" button, when a file
chooser window is opened we'll look for the ".ico" file we converted and
downloaded before.

And finally, in the "Update" tab, we'll choose "Extract and update files" in the
"Update mode" section, and "Overwrite all files" in the "Overwrite mode"
section, the configuration should look like in this image:

![](/img/courses/code_malware/sfxUpdate.png)

Press "Ok" in all the windows that popped up and now, wait for a few instants
and you'll see a file called "image.jpg.exe", when that file is opened both the
image viewer with the image you chose and the malware will be extracted, moved
to a temporal location and executed.
